GDPR puts focus on ownership. Identify your technical lead, DPO, and executive sponsor to bear responsibility for data privacy programs.
Data Audit & Classification
Map data flows and relevant systems to mark various structures, files and systems where different levels of privacy need to be maintained. Include 3rd parties and backup systems.